diff options
| -rw-r--r-- | system/core/Security.php | 4 | ||||
| -rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
2 files changed, 3 insertions, 2 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 6f5f5cb90..5c5c0efb6 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -553,9 +553,9 @@ class CI_Security { { $matches = $matches1 = 0; + $str = preg_replace('~(�*[0-9a-f]{2,5});?~iS', $str, -1, $matches); + $str = preg_replace('~(&#\d{2,4});?~S', $str, -1, $matches1); $str = html_entity_decode($str, ENT_COMPAT, $charset); - $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str, -1, $matches); - $str = preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str, -1, $matches1); } while ($matches OR $matches1); diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 8f5cffcb0..b5c00699a 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -618,6 +618,7 @@ Bug fixes for 3.0 - Fixed a bug (#2609) - :php:func:`get_config()` optional argument was only effective on first function call. Also, it can now add items, in addition to updating existing items. - Fixed a bug in the 'postgre' :doc:`database <database/index>` driver where the connection ID wasn't passed to ``pg_escape_string()``. - Fixed a bug (#33) - Script execution was terminated when an invalid cookie key was encountered. +- Fixed a bug (#2681) - `CI_Security::entity_decode()` used the `PREG_REPLACE_EVAL` flag, which is deprecated since PHP 5.5. Version 2.1.4 ============= |